7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:21

Sharing

Report Analysis Logs

General

Target

7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a.dll
Size

574KB
MD5

648e53270a471a47e2e39c6e209eef1f
SHA1

dfad0e043414f311000698261339cd0120dd5d8a
SHA256

7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a
SHA512

fffe9e86ac812c88d6853ecae5b9e6baa000a42bf1944670ace761e20f7d289b988e3bb2ebed5213b70632c69e5934b211e61c0216639e13a30638005eeca3f9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 668 wrote to memory of 1996	668	regsvr32.exe	regsvr32.exe
PID 668 wrote to memory of 1996	668	regsvr32.exe	regsvr32.exe
PID 668 wrote to memory of 1996	668	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 3576	1996	regsvr32.exe	rundll32.exe
PID 1996 wrote to memory of 3576	1996	regsvr32.exe	rundll32.exe
PID 1996 wrote to memory of 3576	1996	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\7bf6fd5e1d270fc3d903bbf1eb844e2fd1baa5882a515c336f2f0c2a885e562a.dll",DllRegisterServer
3⤵
PID:3576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-115-0x0000000000000000-mapping.dmp

Download
memory/1996-117-0x0000000004155000-0x0000000004156000-memory.dmp

Filesize
4KB

Download
memory/1996-116-0x0000000004131000-0x0000000004155000-memory.dmp

Filesize
144KB

Download
memory/3576-118-0x0000000000000000-mapping.dmp

Download